HyperActive Directories Adding Intelligence Automation to Network Directories

Hyper-Active Directories: Adding Intelligence & Automation to Network Directories with Amber Paul Gardner-Stephen, Tim Seeley, Murray Rogers Computing Services Group, School of Informatics & Engineering, Flinders University

Outline • • What is Amber, and what can it do? Fly through three examples of using Amber Summary Future Directions

Motivation • Account Provision – We have an existing and effective system. – But changing behaviour is difficult: C is not a good language for expressing business logic. • Change code, recompile, regression test … • Interoperability with central administration • The more we develop Amber, the more potential applications we can see.

Who Can Make Use of Amber? • Any business with processes and procedures! – – Job tracking / Help Desk Scheduling events (e. g. testing or auditing regimes) Resource allocation – human or physical Risk management / Expert Systems / Decision making – Transfer of data from one system to another – [On-line] registration activities – Verifying existing business information … • If you can explain a business process, you can probably implement it with Amber.

Who Can Make Use of Amber? • This means Amber is useful to: – Technical Managers – Administrators – Computing and Other Support Groups – OH&S Officers, Committees and Related Structures

What is Amber? • Information Management System – Read data, consider implications, update data according to administrator defined directives • Information Visualisation and Interaction System, with built in web server – Display selected information to users, and allow them to modify data, according to administrator defined directives • The Tools to Take an Information Centric Approach to Business & Business Processes

What Can Amber Do? • Keep Network Directory Contents Consistent – Consistency against user supplied rules – User account provision falls into this category: Account existence & status are consequences of the application of rules! – Resolve inconsistent situations

What Can Amber Do? • Continuously Synchronise Dis-Similar Network Information Repositories – Amber uses an internal representation, and can convert to and from other formats: abstraction – Perform intelligent synchronisation, according to administrator defined directives. • Continuously Apply Network Policies – i. e. synchronise network information with the real world, e. g. disk quotas

What Can Amber Do? • Manage Business Processes and Procedures – e. g. track process state, solicit approvals, record decisions. – Intelligently Direct Processes according to available information • If you can explain a business process, you can probably implement it with Amber.

Example 1: Account Provision • Can describe the process: – If enrolled in a topic in this school, grant an account in this school. – Disk quota is sum of quota allocations for topics in this school. • All required information is available, e. g. from HR/Student Services.

Example 1: Account Provision • Information is accessible – Active Directory: Uses LDAP for accounts – UNIX: Uses NIS, or maybe LDAP for accounts – Student Information: Uses LDAP • but in multiple incompatible formats: – We can see how to translate between the formats but our computers cannot. • If we can describe how to do this, we can get Amber to do it for us! • Automate AD accounts, group policies etc. . .

Example 1: Account Provision • Describe Rules: § topic(TOPIC, LOCATION), enrolment(STUDENT, TOPIC), _eq(LOCATION, ”this department”) -> interesting_enrolment(STUDENT, TOPIC). § interesting_enrolment(STUDENT, _) -> account_entitlement(STUDENT). § interesting_enrolment(STUDENT, TOPIC), topic_quota(STUDENT, TOPIC, QUOTA) -> student_quota(STUDENT, $+QUOTA).

Example 1: Account Provision • Hook into the network: – associate topic(T, L) with “ldap: //ldapserver/(object. Class=topic)”. – associate enrolment(S, T) with “ldap: //ldapserver/(object. Class=enrolment)”. – associate account_entitlement(S) with “ldap: //ldapserver/(object. Class=posix. User)”. – associate student_quota(S, Q) with “diskquota: //fileserver/home 1”. • Rules will now keep network consistent!

Example 2: Procedure Management • e. g. Electrical Safety Testing Management – All electrical goods require regular testing. – Interval of testing varies. – What item(s) will need testing soon? – Recording test histories

Example 2: Procedure Management

Example 2: Procedure Management • Describe Rules: • test_record(NAME, DATE) -> latest_record(NAME, $>DATE). • elec_item(NAME, FREQ), latest_record(NAME, LAST_TEST), _lessthan(LAST_TEST+FREQ, TODAY+30) -> test_soon(NAME). • elec_item(NAME, FREQ), latest_record(NAME, LAST_TEST), _lessthan(LAST_TEST+FREQ, TODAY) -> test_yesterday(NAME).

Example 2: Procedure Management • Hook into the network: – associate test_soon with “odbc: //someserver/elecdb” – associate test_yesterday with “mailto: //elecmanager@ourplace. com. zz” – associate test_record(N, D) with “odbc: //someserver/elecdb” – or: associate test_record(N, D) with “file: ///test_records. txt”

Example 2: Procedure Management

Example 2: Procedure Management • Create Web Interface: echo <p>The following need testing NOW: render test_yesterday(_) %prefix <table> %body <tr><td bgcolor=$toggle(red, pink)$> <a href=$link formelecitem(FIELD 1)$>$FIELD 1$</a> </td></tr> %missing Nothing needs testing soon. %suffix </table> %end render

Example 2: Procedure Management

Example 2: Procedure Management • Define form to accept re-test notification: render current_date(_) %prefix %body Item $ARG 1$: <form action=$link form elecrecordtest(ARG 1, FIELD 1) $> <input type=submit value='Tested Today'> </form> <a href=$link form elecdb$>Back to list</a> %missing %suffix %end render

Example 2: Procedure Management

Example 2: Procedure Management • Define form to record new test date: assert test_record(ARG 1, ARG 2) echo Test date for $ARG 1$ has been recorded form elecdb()

Example 2: Procedure Management Functional example with web interfaces, data input and management defined in only 41 lines of code!

Example 2: Procedure Management • Can now incrementally enhance while remaining online, e. g: – Add more interfaces (e. g. recent test history, revoke test, recently tested equipment, add new items) – Add authentication – Beautify existing interfaces – Modify rules to provide a different escalation policy • The strength of Amber is in its flexibility!

Example 3: Video Database • 11: 30 am – Corridor conversation about postgres to mysql database migration on linux. • 12: 09 pm – Working Amber application. • Runs in < 2 MB • Less dependencies no apache/php/mysql.

Summary • Amber combines the flexibility and functions necessary to support and build many types of on-line business process: If you can describe it, Amber can probably be made to do it. • Amber’s intelligence makes interoperability easy. • Amber reduces complexity: no separate DB, web and scripting language dependencies. Plus, fast and easy to set up, maintain and enhance.

Where To Now? • We are seeking potential users to prove the paradigm in the field – We would be interested in hearing from you if you think Amber might be able to help you. • We are seeking potential commercial partners to help bring Amber to market.